Bringing a Business Perspective to Cybersecurity Operations II
Facebook Twitter LinkedIn

Bringing a Business Perspective to Cybersecurity Operations II

Combined Session
Tuesday, October 08, 2019 14:15—15:15
Location: Holeman Lounge

Improving IoT Safety Using Standards to Improve IoT Security

The Internet of Things (IoT) is growing faster than our ability to safeguard ourselves. As IoT becomes ubiquitous, it is important to consider the safety impacts of cyber-physical systems. In the interest of public safety, future cybersecurity systems will adapt to threats in real time based on the standards being developed today.

This talk will cover identify several key industry standards and how they will contribute to IoT safety. It will conclude with a vision of how future IoT systems will be safer by tieing these activities together.

The Internet of Things (IoT) is growing faster than our ability to safeguard ourselves. As IoT becomes ubiquitous, it is important to consider the safety impacts of cyber-physical systems. In the interest of public safety, future cybersecurity systems will adapt to threats in real time based on the standards being developed today. 

The downsides of ignoring safety will be discussed with some IoT examples from the transportation, healthcare, factory, and utility sectors. After setting the stage on the importance of cybersafety using Fear, Uncertainty, and Doubt (FUD), I'll argue against using FUD and present the proven risk management scientific principles that should be used instead for all security decision making. Instead decisions will be done algorithmically based on proven scientific methods using security policy, risk tolerance, and the potential safety/financial impacts of the threat. Factor Analysis of Information Risk (FAIR) is a practical framework for understanding, measuring and analyzing information risk, and ultimately, for enabling well-informed decision making. The talk will give a brief introduction to FAIR and the Open Group standards related to it, as well as how it applies to IoT.

Modern software systems involve increasingly complex and dynamic supply chains. Lack of systemic transparency into the composition and functionality of these systems contributes substantially to cybersecurity risk. This talk will cover the work underway in a NTIA Working Group on Software Transparency and the use cases for Software Bill of Materials (SBoM).

The third principle necessary for IoT safety is responding to a cyber-attack at machine speed. The talk will cover why that is important to IoT and what should be done to achieve response in cyber-relevant time. The economic benefits of automation and machine-speed response will be presented. The OASIS OpenC2 standards for command & control (C2) will be discussed and how those standards will facilitate automation in IoT, particularly in conjunction with several other OASIS standards on sharing threat intelligence (STIX/TAXII) and playbooks (CACAO). The talk will conclude with a vision of how future IoT systems will be safer by tying these activities together.

Key take-aways:

Attendees will learn about the use cases for OpenC2, STIX/TAXII, and CACAO in the context of IoT safety.

Improving IoT Safety Using Standards to Improve IoT Security
Presentation deck
Improving IoT Safety Using Standards to Improve IoT Security
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Duncan Sparrell
Duncan Sparrell
sFractal Consulting LLC
Duncan Sparrell is a seasoned (aka old) network security evangelist with 40+ years of expertise in conceiving, developing and delivering state-of-the art software platforms. Duncan graduated from...

Making CTI Actionable: Closing the Feedback Gap

So you're receiving cyber threat intelligence (CTI) from outside sources. Great. Now what? How do you find the intelligence that's relevant to you and your organization? And how can you use that information to adopt a more proactive cyber defense posture?

This presentation will outline a strategy that information security analysts and engineers should consider to help them isolate relevant intelligence and make it more actionable by using their existing infrastructure of sensors and controls. With this strategy in play, teams and organizations will be able to think about cyber defense in proactive terms, and move away from only reacting after an attack has already hit their systems.

Questions answered by the speaker include:

Making CTI Actionable: Closing the Feedback Gap
Presentation deck
Making CTI Actionable: Closing the Feedback Gap
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Michael Pepin
Michael Pepin
Celerium

Tickets

CyberNext Summit & Borderless Cyber
€700
€1000
 
All days: Oct
Two day ticket
€550
€750
 
Day 1 + Day 2
€550
€750
 
Day 2 + Day 3
€550
€750
 
Day 1 + Day 3
€550
€750
 
One day ticket
€300
€500
 
Day 1
€300
€500
 
Oct
Day 2
€300
€500
 
Oct
Day 3
€300
€500
 
Oct
CyberNext Summit & Borderless Cyber - Gov. rate
€360
 
Government rate, All days: Oct
Two day ticket - Gov. rate
€295
 
Day 1 + Day 2
€295
 
Day 2 + Day 3
€295
 
Day 1 + Day 3
€295
 
One day ticket - Gov. rate
€230
 
Day 1
€230
 
Oct
Day 2
€230
 
Oct
Day 3
€230
 
Oct
Have you participated in our events?
Contact us to get a special discount
Subscribe for updates
Please provide your email address